Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CIFS (or equiv.) and security

Jeffry Smith wrote:
> Regardless of the type of authentication, remember that the actual
> SAMBA reads  / writes are UNENCRYPTED!  Better to do the SAMBA over
> SSH or some sort of VPN solution.

I'm not too concerned about anyone reading the file traffic.  There
aren't any password lists or anything like that flying around.  A bunch
of architectural CAD files, mostly.  I have to think there can't be too
many people out there trying to spy on our exterior wall details.

There seem to be three possible weaknesses here: (1) eavesdropping in on
the login (although no-one has a shell account), (2) reading
(unencrypted) file traffic, and (3) something I haven't thought of.

Like I say, (2) doesn't bother me much.  But (1) and (3) do.  I'm just
not knowledgeable enough about security matters to have a worthy opinion
about the risks involved.

> BTW:  How secure is that Windows box behind your server?  Remember,
> the chain of security is only as strong as its weakest link.  So, that
> may be the only box you're exposing, but once it's broken, your
> network is compromised.  That's the reason for DMZs for stuff exposed
> to the internet.

Good point.  Most of my effort's been on the firewall server.  I don't
*think* I'm running any services besides those I need though.

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /